mirai | 53fd73f8df2d6d452f79544e0e77b657c8a5986f3492cbfdec58d6a4e2f47185 | Triage

Submit
Reports

Overview

overview

Static

static

sora.arm7

linux_armhf

9

Sharing

General

Target

sora.arm7
Size

125KB
Sample

211206-yq2apshhg9
MD5

615efd8ebfe11f962016505691fa532f
SHA1

f598b05398e90890a67341ef02b804042505c13b
SHA256

53fd73f8df2d6d452f79544e0e77b657c8a5986f3492cbfdec58d6a4e2f47185
SHA512

d826eae3dbf983a0b3cff6681f0d51b5e2e43d87855b9e0d9218c607d88c1c5759fad798fb4ca5c5d85610ddb5d660767ae4c2a0759cb03d1b69b5057159af85

Score

10^/10

mirai linux

Static task

static1

Behavioral task

behavioral1

Sample

sora.arm7

Resource

debian9-armhf-en-20211025

linux_armhf

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  sora.arm7
- Size
  
  125KB
- MD5
  
  615efd8ebfe11f962016505691fa532f
- SHA1
  
  f598b05398e90890a67341ef02b804042505c13b
- SHA256
  
  53fd73f8df2d6d452f79544e0e77b657c8a5986f3492cbfdec58d6a4e2f47185
- SHA512
  
  d826eae3dbf983a0b3cff6681f0d51b5e2e43d87855b9e0d9218c607d88c1c5759fad798fb4ca5c5d85610ddb5d660767ae4c2a0759cb03d1b69b5057159af85
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy